User:Alan Gutierrez-Arana

Alan Gutierrez-Arana, a manager with RSM McGladrey’s National Regulatory Insurance Practice, has over 12 years of experience providing IT security and controls assessments, compliance consulting services and performing consulting services for a broad range of insurance, banking, finance and high technology entities. He specializes in IT Security controls assessment and compliance, federal and state IT regulatory compliance (SOX, PCI-DSS, HIPAA-HITECH), IT controls design, SAS70 assessments, disaster recovery, IT outsourcing and off-shoring, IT governance, business continuity, change management, information security, computer operations and e-business.

Prior to joining RSM McGladrey, Mr. Gutierrez worked as IT audit manager for BDO Seidman LLP where he responsible as the IT audit project manager for the largest Sarbanes – Oxley consulting account at BDO at that time. This included the selection and coordination of a 15 personnel team for the evaluation and testing in 10 US locations and 4 European locations (England and France). He also evaluated business risk surrounding the implementation and operation of information technology systems, with a focus on IT internal controls, OCTAVE and IAM methodologies for effective risk assessment and managed the first consulting team to perform an IT controls assessment at the Federal Reserve Bank in New York – B2.

Previously, he worked as a consultant for Jefferson Wells where he performed security control assessments, developed procedures and controls for the management process for the IT department at Vanguard International Group, an investment management worldwide company with over 700 billion dollars in investment funds. Mr. Gutierrez serves as one of RSM McGladrey representatives as interested party for the Information Technology Working Group (ITWG) at NAIC and has served as speaker at the Society of Financial Examiners (SOFE) national career development seminars during the last 2 years. He is also actively involved on the development of a framework mapping for cloud computing controls at the Cloud Security Alliance (CSA).

Professional Affiliations and Accreditations Mr. Gutierrez holds a Certified Information Systems Auditor (CISA) certification, a Certified in Risk and Information Systems Controls (CRISC) certification, a CompTIA A+ hardware certification and a CompTIA Internet+ certification. He is a member of several leading IT industry associations, including the Information Systems and Controls Association (ISACA), the Information Systems Security Association (ISSA), the Computer Security Institute (CSI) and the Cloud Security Alliance (CSA).